Suricata 1.4 released!

The OISF development team is proud to announce Suricata 1.4. This release is a major improvement over the previous releases with regard to performance, scalability and accuracy. Also, a number of great features have been added.

The biggest new features of this release are Unix socket support, IP Reputation support and the addition of the luajit keyword. Each of these new features is still in active development and should be approached with some care.

The 1.4 release improves performance and scalability a lot. The IP Defrag engine was rewritten to scale better, various packet acquisition methods were improved and various parts of the detection engine were optimized further.

The configuration file has evolved, but backward compatibility is provided. We nonetheless encourage you to update your Suricata configuration file. Upgrade guidance is provided here: Upgrading_Suricata_13_to_Suricata_14

New features

Unix socket mode for batched processing of a series of pcaps (#571, #552) (experimental)

Interaction with Suricata via unix socket (#571, #552) (experimental)

IP Reputation: loading and matching (#647) (experimental)

New keyword: “luajit” to inspect packet, payload and all HTTP buffers with a Lua script (#346) (experimental)
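The unix socket mode listed above is driven by a small JSON command protocol: the client sends a version handshake, then one JSON object per command, and Suricata answers each with a JSON object carrying a "return" field of "OK" or "NOK". The client below is an added example written for this page, not the project's own suricatasc tool. It assumes Suricata was started with --unix-socket and listens on the SOCKET_PATH given here, that the handshake version string is "0.1", and that the pcap-file command takes "filename" and "output-dir" arguments; it also copes with a reply arriving in several recv() chunks, since the protocol carries no length framing.

```python
"""Batch-submit pcaps to Suricata's unix socket (added example, not project code).

Assumptions, not taken from the release notes: Suricata runs as
`suricata --unix-socket` and listens on SOCKET_PATH; the wire format is the
suricatasc-style JSON protocol (a {"version": ...} handshake, then one JSON
object per command, each answered by a JSON object with a "return" field).
"""
import json
import socket
import sys

SOCKET_PATH = "/var/run/suricata/suricata-command.socket"  # assumed default path
PROTOCOL_VERSION = "0.1"  # assumed handshake version


def recv_json(sock, bufsize=4096):
    """Read until the accumulated bytes parse as one JSON object.

    Replies are unframed, so a single recv() may return only part of the
    object; keep appending until json.loads() succeeds.
    """
    data = b""
    while True:
        chunk = sock.recv(bufsize)
        if not chunk:
            raise ConnectionError("socket closed before a full reply arrived")
        data += chunk
        try:
            return json.loads(data.decode("utf-8"))
        except ValueError:
            continue  # partial object, keep reading


def handshake(sock):
    """Announce the protocol version; Suricata must answer with return OK."""
    sock.sendall(json.dumps({"version": PROTOCOL_VERSION}).encode("utf-8"))
    reply = recv_json(sock)
    if reply.get("return") != "OK":
        raise RuntimeError("version handshake rejected: %r" % (reply,))
    return reply


def send_command(sock, command, arguments=None):
    """Send one command and return its "message" field, raising on NOK."""
    msg = {"command": command}
    if arguments:
        msg["arguments"] = arguments
    sock.sendall(json.dumps(msg).encode("utf-8"))
    reply = recv_json(sock)
    if reply.get("return") != "OK":
        raise RuntimeError("%s failed: %s" % (command, reply.get("message")))
    return reply.get("message")


def run_batch(sock, pcaps, output_dir):
    """Queue every pcap for processing and return the list Suricata accepted.

    Suricata processes queued files one after another; a rejected file
    (missing path, unreadable directory) comes back as NOK and stops the batch
    so the operator sees the error rather than a silently shorter run.
    """
    handshake(sock)
    accepted = []
    for path in pcaps:
        send_command(sock, "pcap-file", {"filename": path, "output-dir": output_dir})
        accepted.append(path)
    return accepted


if __name__ == "__main__":
    # usage: python client.py OUTPUT_DIR one.pcap two.pcap ...
    out_dir, files = sys.argv[1], sys.argv[2:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(SOCKET_PATH)
        for p in run_batch(s, files, out_dir):
            print("queued", p)
```

Each pcap is written to its own output directory entry under output_dir, so logs from different captures do not interleave; after queueing, the "pcap-file-number" command can be polled to see how many files are still pending before sending "shutdown".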

Changes since 1.4rc1

Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#665)

Add more events for IPv6 extension header anomalies (#678)

Fix ICMPv6 payload and checksum calculation (#677, #674)

Clean up flow timeout handling (#656)

Fix a shutdown bug when using AF_PACKET under high load (#653)

Fix TCP sessions being cleaned up too early (#652)

Credits

Jason Ish — Endace

Ludovico Cavedon — Lastline

Last G

Matt Keeler — Npulse

Chris Wakelin

Will Metcalf

Ivan Ristic

Kyle Creyts

Michael Hoffrath

Rmkml

Jean-Paul Roliers

Ignacio Sanchez

Michel Saborde

Simon Moon

Coverity

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete or optimal. With this in mind, please see the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.